May 14, 2013

Reload in X? Why don’t you rollback or replace the configuration?

Do you remember the article ‘How to schedule a reload’? That feature (reload in ‘x’) is useful when you must apply a critical configuration to a remote device, for instance a new route or a new ACL. If you lose the connection to the device after a change, you must wait for the device to reload before you can reconnect to it. This can be a solution, but there is a better one: the replace/rollback feature.

Introduced in 12.3(7)T IOS, the Configuration Replace and Configuration Rollback features provide the capability to replace the current running configuration with any saved Cisco IOS configuration file. This functionality can be used to revert to a previous configuration state, rolling back any configuration changes that were made since that configuration file was saved.

Prerequisites:
The format of the configuration files must comply with the standard indentation rules, as follows:

  • Start all commands on a new line with no indentation, unless the command is within a configuration submode.
  • Indent commands within a first-level configuration submode one space.
  • Indent commands within a second-level configuration submode two spaces.
  • Indent commands within subsequent submodes accordingly.
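
A pre-flight check for these indentation rules, as an added example (it is not part of the original article or of any Cisco tool). The function name lint_replace_file and the BAD sample are assumptions, and treating a missing final "end" as a sign of a partial or truncated file is a heuristic added here, not a rule stated above:

```python
# Added example: lint a candidate file before "configure replace".
# GOOD is an excerpt of the article's configuration; BAD is constructed.
GOOD = """\
hostname Ciscozine-Beta
!
interface FastEthernet0/0
 ip address 192.168.1.10 255.255.255.0
 duplex half
!
line vty 0 4
 login
 transport input all
!
end
"""
BAD = ("hostname R1\ninterface FastEthernet0/0\n\tduplex half\n"
       "router ospf 1\n   redistribute static\n")


def lint_replace_file(text):
    """Return (line_no, problem) pairs; line_no 0 means the file as a whole."""
    problems, prev_indent, last_cmd = [], 0, None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        body = line.lstrip()
        if not body or body.startswith("!"):
            continue                      # blank lines and '!' comments are not commands
        lead = line[: len(line) - len(body)]
        if "\t" in lead:
            problems.append((n, "tab in indentation; submodes are indented with spaces"))
            continue
        indent = len(lead)
        if indent > prev_indent + 1:      # a submode sits exactly one space deeper
            problems.append((n, f"indent jumps from {prev_indent} to {indent} spaces"))
        prev_indent, last_cmd = indent, body
    if last_cmd != "end":
        problems.append((0, "last command is not 'end'; file may be partial or truncated"))
    return problems


if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, lint_replace_file(cfg) or "no problems found")
```

Free-form text inside a configuration, such as a multi-line banner, is not a command and can trigger false positives from this check.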

Restrictions:

  • If the router does not have free memory larger than the combined size of the two configuration files, the configuration replace operation is not performed.
  • Certain Cisco IOS configuration commands such as those pertaining to physical components of a networking device (for example, physical interfaces) cannot be added or removed from the running configuration.
  • In very rare cases, certain Cisco IOS configuration commands cannot be removed from the Cisco IOS running configuration without reloading the router. A configuration replace operation that attempts to remove this type of command results in error messages indicating that these specific command lines failed.

First of all, enable the archive command, otherwise an error occurs:

%Turn config archive on before using Rollback Confirmed Change

In this tutorial, the archive will have these settings:

Ciscozine-Beta(config)#archive 
Ciscozine-Beta(config-archive)#path disk0:/Backup/backup-
Ciscozine-Beta(config-archive)#write-memory

There are two ways to roll back your configuration:

  • Replace the running configuration with a saved configuration (from TFTP, flash, SCP and so on…)
  • Roll back to the last saved configuration

In this article, I will use the same configurations for all examples:

The current configuration is:

Ciscozine#sh run
Building configuration...

Current configuration : 1158 bytes
!
! Last configuration change at 14:26:41 UTC Thu May 8 2013
upgrade fpd auto
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Ciscozine
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
ip source-route
ip cef
!
!
!
!
!
no ip domain lookup
ip domain name lab.local
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
crypto pki token default removal timeout 0
!
!
!
redundancy
!
!
!
!
!
!
!
!
!
!
interface Loopback1
 ip address 10.0.0.48 255.255.255.255
!
interface FastEthernet0/0
 ip address 192.168.1.10 255.255.255.0
 duplex half
!
router ospf 1
 redistribute static
 network 192.168.1.0 0.0.0.255 area 0
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
!
!
!
!
snmp-server community ciscozine RO
!
!
control-plane
!
!
!
mgcp profile default
!
!
!
gatekeeper
 shutdown
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line vty 0 4
 login
 transport input all
!
end

Ciscozine#

The startup configuration and Ciscozine.conf (they are identical, to simplify the tutorial) are:

Ciscozine-Beta#sh startup-config 
Building configuration...

Current configuration : 993 bytes
!
! Last configuration change at 14:23:58 UTC Thu May 8 2013
upgrade fpd auto
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Ciscozine-Beta
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
ip source-route
ip cef
!
!
!
!
!
no ip domain lookup
ip domain name lab.local
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
crypto pki token default removal timeout 0
!
!
!
redundancy
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 ip address 192.168.1.10 255.255.255.0
 duplex half
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
!
!
!
!
!
!
control-plane
!
!
!
mgcp profile default
!
!
!
gatekeeper
 shutdown
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line vty 0 4
 login
 transport input all
!
end

Ciscozine-Beta#

The differences between the running configuration and the startup / Ciscozine.conf configuration are:

Ciscozine-Beta(config)#hostname Ciscozine
Ciscozine(config)#router ospf 1
Ciscozine(config-router)#network 192.168.1.0 0.0.0.255 area 0
Ciscozine(config-router)#redistribute static
Ciscozine(config-router)#snmp-server community ciscozine RO
Ciscozine(config)#interface Loopback1
Ciscozine(config-if)#ip address 10.0.0.48 255.255.255.255

 

Replace saved configuration

Example #1:
Suppose that you want to replace your current configuration with the startup configuration and display the list of command lines applied by the Cisco IOS software parser during each pass of the configuration replace operation.

Ciscozine#configure replace nvram:startup-config list
This will apply all necessary additions and deletions
to replace the current running configuration with the
contents of the specified configuration file, which is
assumed to be a complete configuration, not a partial
configuration. Enter Y if you are sure you want to proceed. ? [no]: yes

*May  8 14:32:51.843: Rollback:Acquired Configuration lock.
!Pass 1
!List of Rollback Commands:
no snmp-server community ciscozine RO
router ospf 1
 no network 192.168.1.0 0.0.0.255 area 0
 no redistribute static
no router ospf 1
interface Loopback1
 no ip address 10.0.0.48 255.255.255.255
no interface Loopback1
no hostname Ciscozine
hostname Ciscozine-Beta
end

Total number of passes: 1
Rollback Done

Ciscozine-Beta#
*May  8 14:32:57.455: %LINK-5-CHANGED: Interface Loopback1, changed state to administratively down
*May  8 14:32:58.455: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback1, changed state to down
Ciscozine-Beta#

Note: This is the only method that does not require the archive feature to be enabled.

 

Example #2:
Suppose that you want to replace your current configuration with a configuration stored on disk0 (disk0:/Backup/Ciscozine.conf), with a confirmation timer of 5 minutes.

The time value specifies the time (in minutes) within which you must enter the “configure confirm” command to confirm replacement of the current running configuration file. If the “configure confirm” command is not entered within the specified time limit, the configuration replace operation is automatically reversed (in other words, the current running configuration file is restored to the configuration state that existed prior to entering the “configure replace” command).

Ciscozine-Beta#configure replace disk0:/Backup/Ciscozine.conf time 5
Rollback Confirmed Change: Backing up current running config to disk0:/Backup/backup-May--8-18-09-00.235-0

This will apply all necessary additions and deletions
to replace the current running configuration with the
contents of the specified configuration file, which is
assumed to be a complete configuration, not a partial
configuration. Enter Y if you are sure you want to proceed. ? [no]: yes

May  8 18:09:01.707: %ARCHIVE_DIFF-5-ROLLBK_CNFMD_CHG_BACKUP: Backing up current running config to disk0:/Backup/backup-May--8-18-09-00.235-0
May  8 18:09:02.267: Rollback:Acquired Configuration lock.
% Only classful networks will be redistributed
May  8 18:09:05.659: %LINK-3-UPDOWN: Interface Loopback1, changed state to up
May  8 18:09:06.695: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback1, changed state to up
Total number of passes: 2
Rollback Done

Ciscozine#
May  8 18:09:09.011: %ARCHIVE_DIFF-5-ROLLBK_CNFMD_CHG_START_ABSTIMER: User: console: Scheduled to rollback to config disk0:/Backup/backup-May--8-18-09-00.235-0 in 5 minutes
Ciscozine#

As you can see above, the system reports that if you do not confirm the new configuration within 5 minutes, it will roll back to the previous configuration. A warning is displayed again one minute before the rollback starts.

Ciscozine#Rollback Confirmed Change: Rollback will begin in one minute.
Enter "configure confirm" if you wish to keep what you've configured

May  8 18:13:09.011: %ARCHIVE_DIFF-5-ROLLBK_CNFMD_CHG_WARNING_ABSTIMER: System will rollback to config disk0:/Backup/backup-May--8-18-09-00.235-0 in one minute. Enter "configure confirm" if you wish to keep what you've configured
Ciscozine#

And after 5 minutes the system will start the rollback procedure:

Ciscozine#Rollback Confirmed Change: rolling to:disk0:/Backup/backup-May--8-18-09-00.235-0

May  8 18:14:09.007: %ARCHIVE_DIFF-5-ROLLBK_CNFMD_CHG_ROLLBACK_START: Start rolling to: disk0:/Backup/backup-May--8-18-09-00.235-0
May  8 18:14:09.043: Rollback:Acquired Configuration lock.
Ciscozine#
!Pass 1
!List of Rollback Commands:
no snmp-server community ciscozine RO
router ospf 1
 no network 192.168.1.0 0.0.0.255 area 0
 no redistribute static
no router ospf 1
interface FastEthernet0/0
 no shutdown
interface Loopback1
 no ip address 10.0.0.48 255.255.255.255
no interface Loopback1
archive
 no path disk0:/Backup/backup.conf
no hostname Ciscozine
hostname Ciscozine-Beta
archive
 path disk0:/Backup/backup-
end

!Pass 2
!List of Rollback Commands:
 --More-- 
May  8 18:14:12.735: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to down
May  8 18:14:13.147: %LINK-5-CHANGED: Interface Loopback1, changed state to administratively down
May  8 18:14:14.339: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback1, changed state to down
archive   
 write-memory
end

Total number of passes: 2
Rollback Done

Ciscozine-Beta#

The same result occurs with the command “configure revert now” that triggers the rollback immediately.

And how can I save the new configuration? You simply confirm the new configuration before the timer expires (in this case 5 minutes):

Ciscozine#configure confirm 
Ciscozine#
May  8 18:45:39.123: %ARCHIVE_DIFF-5-ROLLBK_CNFMD_CHG_CONFIRM: User: console: Confirm the configuration change
Ciscozine#

Note: There are many options for the “configure replace” command; the most important are:

  • The force keyword replaces the current running configuration file with the specified saved Cisco IOS configuration file without prompting you for confirmation.
  • The nolock keyword disables the locking of the running configuration file that prevents other users from changing the running configuration during a configuration replace operation.

 

Rollback the last saved configuration

Example #1:
Suppose that you are implementing a new configuration on a remote Cisco device, but you want the previous configuration restored after 5 minutes if the “configure confirm” command is not entered.

Ciscozine-Beta#configure terminal revert timer 5
Rollback Confirmed Change: Backing up current running config to disk0:/Backup/backup-May--8-18-50-13.087-1

Enter configuration commands, one per line.  End with CNTL/Z.
Ciscozine-Beta(config)#
Ciscozine-Beta(config)#
May  8 18:50:14.555: %ARCHIVE_DIFF-5-ROLLBK_CNFMD_CHG_BACKUP: Backing up current running config to disk0:/Backup/backup-May--8-18-50-13.087-1
May  8 18:50:14.563: %ARCHIVE_DIFF-5-ROLLBK_CNFMD_CHG_START_ABSTIMER: User: console: Scheduled to rollback to config disk0:/Backup/backup-May--8-18-50-13.087-1 in 5 minutes
Ciscozine-Beta(config)#

As you can see above, the system reports that if you do not confirm the new configuration within 5 minutes, it will roll back to the previous configuration. A warning is displayed again one minute before the rollback starts.

Ciscozine(config-if)#Rollback Confirmed Change: Rollback will begin in one minute.
Enter "configure confirm" if you wish to keep what you've configured

May  8 18:54:14.563: %ARCHIVE_DIFF-5-ROLLBK_CNFMD_CHG_WARNING_ABSTIMER: System will rollback to config disk0:/Backup/backup-May--8-18-50-13.087-1 in one minute. Enter "configure confirm" if you wish to keep what you've configured
Ciscozine(config-if)#

Now suppose that you want to add these commands:

Ciscozine-Beta(config)#hostname Ciscozine
Ciscozine(config)#router ospf 1
Ciscozine(config-router)#network 192.168.1.0 0.0.0.255 area 0
Ciscozine(config-router)#redistribute static
Ciscozine(config-router)#snmp-server community ciscozine RO
Ciscozine(config)#interface Loopback1
Ciscozine(config-if)#ip address 10.0.0.48 255.255.255.255

If you don’t confirm the new configuration, after 5 minutes the system will start the rollback procedure:

Ciscozine(config-if)#Rollback Confirmed Change: rolling to:disk0:/Backup/backup-May--8-18-50-13.087-1

May  8 18:55:14.563: %ARCHIVE_DIFF-5-ROLLBK_CNFMD_CHG_ROLLBACK_START: Start rolling to: disk0:/Backup/backup-May--8-18-50-13.087-1
May  8 18:55:14.583: Rollback:Acquired Configuration lock.
Ciscozine(config-if)#
!Pass 1
!List of Rollback Commands:
no snmp-server community ciscozine RO
router ospf 1
 no network 192.168.1.0 0.0.0.255 area 0
 no redistribute static
no router ospf 1
interface Loopback1
 no ip address 10.0.0.48 255.255.255.255
no interface Loopback1
no hostname Ciscozine
hostname Ciscozine-Beta
end

Total number of passes: 1
Rollback Done

May  8 18:55:18.411: %LINK-5-CHANGED: Interface Loopback1, changed state to administratively down
Ciscozine-Beta(config-if)#
May  8 18:55:19.411: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback1, changed state to down
Ciscozine-Beta(config-if)#

The same result occurs with the command “configure revert now” that triggers the rollback immediately.

Ciscozine#configure revert now
Rollback Confirmed Change: rolling to:disk0:/Backup/backup-May--8-18-59-40.975-2

May  8 19:00:05.063: %ARCHIVE_DIFF-5-ROLLBK_CNFMD_CHG_REVERTNOW: User: console: Rollback immediately.
May  8 19:00:05.067: %ARCHIVE_DIFF-5-ROLLBK_CNFMD_CHG_ROLLBACK_START: Start rolling to: disk0:/Backup/backup-May--8-18-59-40.975-2
May  8 19:00:05.083: Rollback:Acquired Configuration lock.
!Pass 1
!List of Rollback Commands:
no snmp-server community ciscozine RO
router ospf 1
 no network 192.168.1.0 0.0.0.255 area 0
 no redistribute static
no router ospf 1
interface Loopback1
 no ip address 10.0.0.48 255.255.255.255
no interface Loopback1
no hostname Ciscozine
hostname Ciscozine-Beta
end

Total number of passes: 1
Rollback Done

Ciscozine-Beta#
May  8 19:00:08.675: %LINK-5-CHANGED: Interface Loopback1, changed state to administratively down
May  8 19:00:09.675: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback1, changed state to down
Ciscozine-Beta#

And how can I save the new configuration? You simply confirm the new configuration before the timer expires (in this case 5 minutes):

Ciscozine-Beta#configure confirm 
Ciscozine-Beta#
May  8 19:00:58.571: %ARCHIVE_DIFF-5-ROLLBK_CNFMD_CHG_CONFIRM: User: console: Confirm the configuration change
Ciscozine#

 

Remember: The running configuration lock is automatically cleared at the end of the configuration replace operation. You can display any locks that may be currently applied to the running configuration using the show configuration lock command.
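
The ARCHIVE_DIFF syslog messages shown in the examples above are enough to audit, off the device, how every rollback timer ended. The script below is an added example, not from the original article: the function name audit_confirmed_changes is an assumption, and the sample log is assembled from the messages above with some constructed timestamps and one constructed open session.

```python
import re

# Constructed sample: messages copied from the article, plus lines with
# made-up timestamps so that every outcome appears once.
P = "%ARCHIVE_DIFF-5-ROLLBK_CNFMD_CHG_"
SAMPLE_LOG = f"""\
May  8 18:09:09.011: {P}START_ABSTIMER: User: console: Scheduled to rollback to config disk0:/Backup/backup-May--8-18-09-00.235-0 in 5 minutes
May  8 18:14:09.007: {P}ROLLBACK_START: Start rolling to: disk0:/Backup/backup-May--8-18-09-00.235-0
May  8 18:50:14.563: {P}START_ABSTIMER: User: console: Scheduled to rollback to config disk0:/Backup/backup-May--8-18-50-13.087-1 in 5 minutes
May  8 18:52:30.000: {P}CONFIRM: User: console: Confirm the configuration change
May  8 18:59:42.000: {P}START_ABSTIMER: User: console: Scheduled to rollback to config disk0:/Backup/backup-May--8-18-59-40.975-2 in 5 minutes
May  8 19:00:05.063: {P}REVERTNOW: User: console: Rollback immediately.
May  8 19:00:05.067: {P}ROLLBACK_START: Start rolling to: disk0:/Backup/backup-May--8-18-59-40.975-2
May  8 19:20:00.000: {P}START_ABSTIMER: User: console: Scheduled to rollback to config disk0:/Backup/backup-May--8-19-19-58.000-3 in 10 minutes
"""

EVENT = re.compile(r"^\*?(?P<ts>\w{3}\s+\d+ [\d:.]+): " + re.escape(P)
                   + r"(?P<ev>\w+): (?P<msg>.*)$")
START = re.compile(r"User: (?P<user>\S+): Scheduled to rollback to config "
                   r"(?P<file>\S+) in (?P<mins>\d+) minutes")


def audit_confirmed_changes(log_text):
    """Pair each rollback timer with how it ended."""
    sessions, current, revert_now = [], None, False
    for line in log_text.splitlines():
        m = EVENT.match(line.strip())
        if not m:
            continue
        ts, ev, msg = m.group("ts", "ev", "msg")
        s = START.search(msg) if ev == "START_ABSTIMER" else None
        if s:
            current = {"started": ts, "user": s["user"], "backup": s["file"],
                       "window_min": int(s["mins"]), "outcome": "pending"}
            sessions.append(current)
            revert_now = False
        elif current is None:
            continue                      # event without a timer we saw start
        elif ev == "REVERTNOW":
            revert_now = True             # "configure revert now" was entered
        elif ev in ("ROLLBACK_START", "CONFIRM"):
            if ev == "CONFIRM":
                current["outcome"] = "confirmed"
            else:
                current["outcome"] = "reverted manually" if revert_now else "timer expired"
            current["ended"] = ts
            current = None
    return sessions


if __name__ == "__main__":
    for session in audit_confirmed_changes(SAMPLE_LOG):
        print(session)
```

A session that stays "pending" longer than its window_min, or a "timer expired" outcome, is worth a follow-up: the change was never confirmed and the device reverted to the named backup file.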

 
